Only remount if requested flags differ from current

Do not remount a bind mount to enable flags unless non-default flags are provided for the requested mount. This solves a problem with user namespaces and remount of bind mount permissions. Docker-DCO-1.1-Signed-off-by: Phil Estes <[email protected]> (github: estesp)
opencontainers · Sep 30, 2015 · 97f5ee4 · 97f5ee4
1 parent 902ccd0
commit 97f5ee4
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
@@ -167,9 +167,14 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
 			return err
 		}
 		// bind mount won't change mount options, we need remount to make mount options effective.
-		if err := remount(m, rootfs); err != nil {
-			return err
+		// first check that we have non-default options required before attempting a remount
+		if m.Flags&^(syscall.MS_REC|syscall.MS_REMOUNT|syscall.MS_BIND) != 0 {
+			// only remount if unique mount options are set
+			if err := remount(m, rootfs); err != nil {
+				return err
+			}
 		}
+
 		if m.Relabel != "" {
 			if err := label.Validate(m.Relabel); err != nil {
 				return err